Commit 432320fa authored by Tails developers

Remove the htp user firewall exception.

parent 58e1b1a3
......@@ -12,18 +12,11 @@
# Established outgoing connections are accepted.
[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Note: this must run before traffic is dispatched to the lan rule.
# The htp user is allowed to connect to services listening on the https port...
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j ACCEPT
# ... and to services listening on the domain port.
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j ACCEPT
[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j ACCEPT
# Internal network connections are accepted.
[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
# Local network connections should not go through Tor but DNS shall be
# rejected - apart for the htp user.
# rejected.
[0:0] -N lan
[0:0] -A lan -p TCP --dport domain -j REJECT
[0:0] -A lan -p UDP --dport domain -j REJECT
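Review bot: With the three `--uid-owner htp` ACCEPT rules dropped from OUTPUT, new htp connections to the `domain` port on the local network fall under the `lan` chain's `--dport domain -j REJECT` rules, and the commit message does not say how the htp user is expected to resolve names or reach `https` services after this change. Please state the intended path for htp traffic in the commit message so the removal can be checked against it. Also, if the "Note: this must run before traffic is dispatched to the lan rule." comment is kept, it no longer has an htp rule to describe and would sit directly above the loopback ACCEPT; it should go out together with the rules it annotated.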
......@@ -65,12 +58,6 @@ COMMIT
# i2p is allowed to do anything it wants to.
[0:0] -A OUTPUT -m owner --uid-owner i2psvc -j RETURN
# The htp user is allowed to connect to services listening on the https port...
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j RETURN
# ... and to services listening on the domain port.
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j RETURN
[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j RETURN
# .onion mapped addresses redirection to Tor.
[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j REDIRECT --to-ports 9040
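Review bot: After the htp `-j RETURN` rules are removed here, `i2psvc` is the only per-user exemption left ahead of the `REDIRECT --to-ports 9040` rule, so htp-owned packets now traverse every rule that follows in this OUTPUT chain, and nothing in the hunk or the commit message says that this is the intended outcome. A one-line comment next to the `i2psvc` rule, or a sentence in the commit message, stating that htp traffic is now meant to be handled like any other user's would make the intent reviewable. It is also worth confirming against the rest of this chain, which is not visible in this hunk, that htp's `https` and `domain` traffic ends up where it is supposed to.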
......